Ubuntu
ecryptfs-utils package

lp:~nobuto/ubuntu/raring/ecryptfs-utils/record-passphrase-dialogue-translatable

  1. Raring (13.04)
  2. record-passphrase-dialogue-translatable
Created by Nobuto Murata and last modified
Get this branch:
bzr branch lp:~nobuto/ubuntu/raring/ecryptfs-utils/record-passphrase-dialogue-translatable
Only Nobuto Murata can upload to this branch. If you are Nobuto Murata please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Nobuto Murata
Status:
Merged

Recent revisions

91. By Nobuto Murata

write up changelog

90. By Nobuto Murata

apply all patches to prepare for merge.

89. By Nobuto Murata

remove line breaks(.) in an update-notifier hook to workaround lp bug
1075304.

88. By Nobuto Murata

* make "Record your encryption passphrase" dialogue translatable
  (LP: #982924)
  - add translation markers to the messages shown in the dialogue
  - the markers will be removed by override_dh_install to work as an
    update-notifier hook.
    See. https://wiki.ubuntu.com/InteractiveUpgradeHooks

87. By Dustin Kirkland 

[ Eric Lammerts ]
* src/libecryptfs/sysfs.c: LP: #1007880
  - Handle NULL mnt pointer when sysfs is not mounted

[ Tyler Hicks ]
* src/utils/ecryptfs-migrate-home: LP: #1026180
  - Correct minor misspelling
* src/utils/ecryptfs-recover-private: LP: #1004082
  - Fix option parsing when --rw is specified
* src/utils/ecryptfs-recover-private: LP: #1028923
  - Simplify success message to prevent incorrectly reporting that a
    read-only mount was performed when the --rw option is specified
* tests/lib/etl_func.sh:
  - Add test library function to return a lower path from an upper path,
    based on inode numbers
* tests/kernel/mmap-close.sh, tests/kernel/mmap-close/test.c:
  - Add regression test for open->mmap()->close()->dirty memory->munmap()
    pattern
* tests/kernel/lp-561129.sh:
  - Add test for checking that a pre-existing target inode is properly
    evicted after a rename
* tests/README:
  - Add documentation on the steps to take when adding new test cases

[ Colin King ]
* tests/kernel/lp-911507.sh:
  - Add test case for initializing empty lower files during open()
* tests/kernel/lp-872905.sh:
  - Add test case to check for proper unlinking of lower files when
    lower file initialization fails
* src/key_mod/ecryptfs_key_mod_openssl.c,
  src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
  src/libecryptfs/key_management.c,
  src/utils/mount.ecryptfs_private.c, src/utils/umount.ecryptfs.c:
  - address some issues raised by smatch static analysis
  - fix some memory leaks with frees
  - fix some pointer refs and derefs
  - fix some comment typos

[ Dustin Kirkland ]
* src/libecryptfs/key_management.c:
  - silence pam error message when errno == EACCES
    + "Error attempting to parse .ecryptfsrc file; rc = [-13]"
* src/utils/mount.ecryptfs_private.c: LP: #1052038
  - fix race condition, which typically manifests itself with a user
    saying that their home directory is not accessible, or that their
    filenames are not decrypted
  - the root of the problem is that we were reading the signature file,
    ~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
    so the file encryption signature is read and key is loaded, but then
    some other process (usually from PAM, perhaps a cron job or a
    subsequent login) mounts the home directory before the filename
    encryption key is loaded; thus, $HOME is mounted but filenames are
    not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
    as that file is not found
  - the solution is to rework the internal fetch_sig() function and read
    one or both signatures within a single open/read/close operation of
    the file
  - free memory used by char **sig on failure
* debian/copyright:
  - fix lintian warning
* precise

86. By Dustin Kirkland 

[ Tyler Hicks ]
* src/pam_ecryptfs/pam_ecryptfs.c, src/libecryptfs/key_management.c:
    LP: #1024476
  - fix regression introduced in ecryptfs-utils-99 when Encrypted
    Home/Private is in use and the eCryptfs kernel code is compiled as a
    module
  - drop check for kernel filename encryption support in pam_ecryptfs, as
    appropriate privileges to load the eCryptfs kernel module may not be
    available and filename encryption has been supported since 2.6.29
  - always add filename encryption key to the kernel keyring from pam mount

[ Colin King ]
* tests/kernel/inode-race-stat/test.c:
  - limit number of forks based on fd limits
* tests/kernel/enospc.sh, tests/kernel/enospc/test.c,
  tests/kernel/Makefile.am, tests/kernel/tests.rc:
  - add test case for ENOSPC

[ Tim Harder ]
* m4/ac_python_devel.m4: LP: #1029217
  - properly save and restore CPPFLAGS and LIBS when python support is
    enabled

85. By Dustin Kirkland 

[ Dustin Kirkland ]
* debian/ecryptfs-utils.postinst: LP: #936093
  - ensure desktop file is executable
* precise

[ Wesley Wiedenmeier ]
* src/utils/mount.ecryptfs.c: LP: #329264
  - remove old hack, that worked around a temporary kernel regression;
    ensure that all mount memory is mlocked

[ Sebastian Krahmer ]
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
  - drop group privileges in the same places that user privileges are
    dropped
  - check return status of setresuid() calls and return if they fail
  - drop privileges before checking for the existence of
    ~/.ecryptfs/auto-mount to prevent possible file existence leakage
    by a symlink to a path that typically would not be searchable by
    the user
  - drop privileges before reading salt from the rc file to prevent the
    leakage of root's salt and, more importantly, using the incorrect salt
  - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
  - after dropping privileges, clear the environment before executing the
    private eCryptfs mount helper
  - discovered by Sebastian Krahmer
* src/utils/mount.ecryptfs_private.c: LP: #1020904
  - do not allow private eCryptfs mount aliases to contain ".." characters
    as a preventative measure against a crafted file path being used as an
    alias
  - force the MS_NOSUID mount flag to protect against user controlled lower
    filesystems, such as an auto mounted USB drive, that may contain a
    setuid-root binary
    + CVE-2012-3409
  - force the MS_NODEV mount flag
  - after dropping privileges, clear the environment before executing umount
  - discovered by Sebastian Krahmer

[ Tyler Hicks ]
* src/libecryptfs/key_management.c: LP: #732614
  - zero statically declared buffers to prevent the leakage of stack
    contents in the case of a short file read
  - discovered by Vasiliy Kulikov
* src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
  - fix compiler warnings

84. By Dustin Kirkland 

[ Dustin Kirkland ]
* debian/ecryptfs-utils.prerm:
  - drop the pre-removal ERRORs down to WARNINGs
  - these have caused a ton of trouble; whatever is causing ecryptfs-utils
    to be marked for removal should be fixed; but ecryptfs exiting 1 seems
    to be causing more trouble than it's worth
  - LP: #871021, #812270, #988960, #990630, #995381, #1010961
* doc/ecryptfs-faq.html:
  - update the frequently asked questions, which haven't seen much
    attention in a while now
  - drop a few references to sourceforge
* doc/ecryptfs-pam-doc.txt, doc/manpage/fr/ecryptfs-add-passphrase.1,
  doc/manpage/fr/ecryptfs-generate-tpm-key.1, doc/manpage/fr/ecryptfs-
  insert-wrapped-passphrase-into-keyring.1, doc/manpage/fr/ecryptfs-
  mount-private.1, doc/manpage/fr/ecryptfs-rewrap-passphrase.1,
  doc/manpage/fr/ecryptfs-setup-private.1, doc/manpage/fr/ecryptfs-
  umount-private.1, doc/manpage/fr/ecryptfs-unwrap-passphrase.1,
  doc/manpage/fr/ecryptfs-wrap-passphrase.1, doc/manpage/fr/ecryptfs-
  zombie-kill.1, doc/manpage/fr/ecryptfs-zombie-list.1,
  doc/sourceforge_webpage/ecryptfs-article.pdf,
  doc/sourceforge_webpage/ecryptfs_design_doc_v0_1.pdf,
  doc/sourceforge_webpage/ecryptfs-faq.html,
  doc/sourceforge_webpage/ecryptfs-key-diagram-356.png,
  doc/sourceforge_webpage/ecryptfs-key-diagram-640.png,
  doc/sourceforge_webpage/ecryptfs-pageuptodate-call-graph.png,
  doc/sourceforge_webpage/ecryptfs-pam-doc.txt,
  doc/sourceforge_webpage/ecryptfs.pdf,
  doc/sourceforge_webpage/index.html, doc/sourceforge_webpage/README,
  === removed directory doc/manpage/fr, === removed directory
  doc/sourceforge_webpage, rpm/ecryptfs-utils.spec:
  - remove some deprecated documentation
  - fish it out of bzr, if we ever need it again, but let's
    quit publishing it in our release tarballs
* precise

83. By Dustin Kirkland 

[ Kees Cook ]
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #938326
  - exit, rather than return to prevent duplicate processes

[ Andreas Raster ]
* src/desktop/ecryptfs-find:
  - $mounts was quoted once too often

[ George Wilson ]
* src/key_mod/ecryptfs_key_mod_openssl.c,
  src/key_mod/ecryptfs_key_mod_pkcs11_helper.c,
  src/key_mod/ecryptfs_key_mod_tspi.c: LP: #937331
  - IBM would like to grant a license exception for key modules that
    require linking to OpenSSL. The change should make the modules
    shippable by Linux distributions

[ Dustin Kirkland ]
* debian/copyright:
  - note the GPLv2 SSL exception granted by IBM for the key modules
* debian/control, debian/copyright, doc/manpage/ecryptfs.7,
  doc/manpage/ecryptfs-add-passphrase.1, doc/manpage/ecryptfsd.8,
  doc/manpage/ecryptfs-generate-tpm-key.1, doc/manpage/ecryptfs-
  insert-wrapped-passphrase-into-keyring.1, doc/manpage/ecryptfs-
  manager.8, doc/manpage/ecryptfs-mount-private.1,
  doc/manpage/ecryptfs-recover-private.1, doc/manpage/ecryptfs-rewrap-
  passphrase.1, doc/manpage/ecryptfs-rewrite-file.1,
  doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs-setup-
  swap.1, doc/manpage/ecryptfs-stat.1, doc/manpage/ecryptfs-umount-
  private.1, doc/manpage/ecryptfs-unwrap-passphrase.1,
  doc/manpage/ecryptfs-wrap-passphrase.1,
  doc/manpage/mount.ecryptfs.8, doc/manpage/mount.ecryptfs_private.1,
  doc/manpage/pam_ecryptfs.8, doc/manpage/umount.ecryptfs.8,
  doc/manpage/umount.ecryptfs_private.1, README,
  src/utils/mount.ecryptfs.c:
  - use the new ecryptfs.org website where appropriate
* debian/control:
  - update to suggest zescrow-client
* precise

[ Sergio Peña ]
* src/libecryptfs/cipher_list.c: LP: #922821
  - add the new name of the blowfish cipher (linux >= 3.2)
* src/include/ecryptfs.h, src/libecryptfs/main.c,
  src/utils/mount.ecryptfs.c: LP: #917509
  - use execl() to mount ecryptfs
  - this allows us to support any arbitrary mount options in
    /etc/fstab

[ Tyler Hicks ]
* doc/manpage/ecryptfs.7:
  - Remove the note saying that the passphrase and openssl key modules are
    available by default. That's true upstream but not always true in distro
    builds.
* tests/run_tests.sh:
  - Make upper and lower mount point arguments optional by automatically
    creating directories in /tmp by default.
  - Make it possible to run only userspace tests without having to specify
    unused mount information
  - Accept a comma-separated list of lower filesystems to test on and loop
    through all kernel tests for each lower filesystem
  - Accept a comma-separated list of tests to run
* tests/lib/etl_funcs.sh:
  - Unset $ETL_DISK just before etl_remove_disk() successfully returns
* tests/userspace/Makefile.am:
  - Also build 'make check' tests when building with --enable-tests
* include/ecryptfs.h, libecryptfs/Makefile.am,
  libecryptfs/cipher_list.c, libecryptfs/module_mgr.c,
  utils/io.h: LP: #994813
  - remove overly complicated implementation to detect what ciphers
    are supported by the currently running kernel's crypto api
  - prompt for the entire supported cipher list, if the user selects a
    cipher that their kernel doesn't support, the mount will fail
    and the kernel will write an error message to the syslog
* src/libecryptfs/module_mgr.c:
  - Use correct blowfish block size when displaying supported ciphers to
    the user
* tests/kernel/lp-1009207.sh, tests/kernel/Makefile.am,
  tests/kernel/tests.rc:
  - Add simple test case for incorrect handling of umask and default POSIX
    ACL masks
* tests/kernel/lp-994247.sh, tests/kernel/lp-994247/test.c,
  tests/kernel/Makefile.am, tests/kernel/tests.rc:
  - Add test case for incorrect handling of open /dev/ecryptfs file
    descriptors that are passed or inherited by other processes

[ Colin King ]
* tests/lib/etl_funcs.sh:
  - etl_lumount() should use DST rather than SRC dir so it can run on Lucid
  - use file system appropriate mkfs force flag
  - cater for correct ext2 default mount flags
* tests/kernel/lp-509180.sh, tests/kernel/lp-509180/test.c:
  - test for trailing garbage at end of files
* tests/kernel/lp-524919.sh, tests/kernel/lp-524919/test.c:
  - test case for checking lstat/readlink size
* tests/kernel/lp-870326.sh, tests/kernel/lp-870326/test.c:
  - test case for open(), mmap(), close(), modify mmap'd region
* tests/kernel/lp-469664.sh:
  - test case for lsattr
* tests/kernel/lp-613873.sh:
  - test case for stat modify time
* tests/kernel/lp-745836.sh:
  - test case for clearing ECRYPTFS_NEW_FILE flag during truncate
* tests/lib/etl_funcs.sh, tests/kernel/extend-file-random.sh,
  tests/kernel/trunc-file.sh (LP: #1007159):
  - Add test library function for estimating available space in lower fs
  - Use new library function in tests that need to create large files

[ Colin Watson ]
* src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
  LP: #979350

[ Serge Hallyn ]
* src/utils/mount.ecryptfs_private.c:
  - EoL fixes

82. By Colin Watson

src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
(LP: #979350).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/raring/ecryptfs-utils
This branch contains Public information 
Everyone can see this information.

Subscribers